VelocIQ · Privacy Notice
VelocIQ
VelocIQ LLC · Houston, Texas
Privacy Notice
Effective Date: July 7, 2026
This Privacy Notice describes how VelocIQ LLC collects, uses, stores, and protects information in connection with the VelocIQ platform. It is addressed to the business entities and individuals who use or are subject to the VelocIQ platform.
VelocIQ LLC is a B2B organizational intelligence company based in Houston, Texas. VelocIQ is not a data broker. It is not a consumer product. VelocIQ processes organizational communications data on behalf of the businesses that contract for its services, for the sole purpose of generating intelligence output for those businesses' internal use.
For questions about this Notice or VelocIQ's data practices, contact us at admin@velociq.ai.
VelocIQ processes the following categories of data from the Microsoft 365 environment of its client organizations, pursuant to explicit written authorization from the client:
— Email messages: sender, recipients, subject, body, timestamps, attachments metadata
— Microsoft Teams messages: message content, sender, recipients, timestamps
— Calendar data: meeting titles, participants, dates, times, and meeting metadata
— Contact data: names, email addresses, and organizational relationships derived from the above
VelocIQ does not access personal consumer accounts. All access is limited to the client's business Microsoft 365 tenant and the specific data categories authorized in the client's data access agreement.
VelocIQ collects information necessary to operate the platform, including: authorized user email addresses, login events, feature usage patterns, and error logs. This data is used solely for platform operation, security, and improvement.
VelocIQ does not collect: payment card numbers (handled by payment processors); health or medical information; government identification numbers; data from personal devices or personal email accounts not part of the client's Microsoft 365 tenant; or data from minors.
VelocIQ uses Communications Data solely for the following purposes:
— Ingesting, normalizing, and storing communications data in the VelocIQ multi-tenant database on the client's behalf
— Running signal detection, relationship health scoring, and briefing generation algorithms against the client's data
— Generating intelligence outputs — briefings, scores, signals — for display to the client's authorized users
— Calibrating signal detection thresholds and scoring parameters based on client feedback
— Operating, maintaining, securing, and improving the platform
— Complying with applicable law
VelocIQ uses large language model APIs (currently Anthropic Claude) to extract structured intelligence from communications data. Communications data is transmitted to the Anthropic API for this purpose pursuant to Anthropic's data processing terms. VelocIQ does not permit AI providers to use client data to train general-purpose models.
VelocIQ may use aggregate and anonymized patterns derived from client data for internal benchmarking, signal calibration, and platform improvement. Aggregate data cannot be used to identify any individual or any specific client organization.
VelocIQ does not sell, rent, or otherwise transfer client Communications Data or identifiable intelligence outputs to any third party for commercial purposes. This prohibition is absolute.
Communications Data is stored in Microsoft Azure infrastructure located in the United States (West US 3 region). Raw communications are stored in Azure Blob Storage. Extracted intelligence signals and scores are stored in Azure PostgreSQL. All storage is within a per-tenant isolated container.
VelocIQ maintains the following minimum security controls:
— AES-256 encryption at rest in a per-tenant dedicated storage container
— TLS 1.2 or higher encryption for all data in transit
— OAuth 2.0 authentication for Microsoft 365 access — no client credentials stored by VelocIQ
— All access tokens and credentials stored exclusively in Azure Key Vault
— Access limited to authorized VelocIQ personnel and contractors on a need-to-know basis
— Multi-factor authentication required for all personnel with system access
VelocIQ contractors who require access to client data are subject to written non-disclosure and data handling agreements that impose confidentiality, security, and use restrictions at least as protective as those in this Notice and in the client's service agreement. Contractors are granted the minimum access necessary for the specific task authorized in writing.
In the event of a confirmed security breach that affects client Communications Data, VelocIQ will notify affected clients in writing as promptly as practicable and in no event later than required by applicable law.
VelocIQ retains Communications Data and Intelligence Output for the duration of the client's service agreement plus a ninety (90) day period following termination to allow for transition and export. After that period, identifiable data is deleted unless the client has made a written request for earlier deletion.
A client may request deletion of its identifiable Communications Data and Intelligence Output at any time by written notice to admin@velociq.ai. VelocIQ will complete deletion within thirty (30) days and will provide written confirmation. Aggregate and anonymized data derived from client data may be retained as part of the platform's general calibration corpus.
Data stored in routine system backups is deleted in the ordinary course of VelocIQ's backup rotation schedule, which does not exceed ninety (90) days.
The VelocIQ platform processes internal communications of client organizations, which may include messages and emails sent or received by the client's employees. VelocIQ provides the intelligence tooling. The client organization is the employer and is solely responsible for:
— Ensuring its use of the platform complies with applicable federal, state, and local workplace monitoring and electronic communications laws
— Providing employees with adequate notice of communications monitoring
— Obtaining any required employee consents
Employee data processed by VelocIQ is used solely to generate intelligence for the employer-client. VelocIQ does not provide employee data to any person other than the client's authorized users. Individual employee intelligence is not sold, shared, or disclosed to any third party.
VelocIQ relies on the following categories of third-party service providers to deliver the platform:
— Microsoft Azure: cloud infrastructure, storage, and Key Vault credential management
— Anthropic: large language model API for signal extraction and intelligence generation
— Microsoft Graph API: Microsoft 365 data access
Each provider is subject to its own privacy terms. VelocIQ selects providers that maintain appropriate security and confidentiality standards. VelocIQ does not share client data with advertising networks, data brokers, or analytics services.
As a client organization, you have the right to: request a description of the Communications Data categories VelocIQ holds for your tenant; request deletion of your data pursuant to Section 5.2; revoke VelocIQ's access to your Microsoft 365 tenant at any time through the Microsoft Entra admin center; and receive written confirmation of deletion.
Employees or other individuals whose data may be processed as part of a client organization's Communications Data should direct rights requests to their employer (the VelocIQ client). VelocIQ will cooperate with clients in responding to such requests consistent with the client's data access agreement.
If VelocIQ is required by valid legal process to disclose client data, VelocIQ will provide the client with prompt written notice before any disclosure to the extent permitted by law, and will cooperate with the client's efforts to seek a protective order or other relief.
The VelocIQ web application uses session authentication cookies necessary for platform operation. VelocIQ does not use advertising cookies, tracking pixels, or third-party analytics services on authenticated platform pages. The VelocIQ marketing website (velociq.ai) may use limited analytics to measure traffic and improve the site. VelocIQ does not sell website visitor data.
VelocIQ may update this Privacy Notice to reflect changes in its data practices, applicable law, or platform functionality. Material changes will be communicated to active clients by email at least thirty (30) days before the effective date. The current version of this Notice is always available at velociq.ai and upon request from admin@velociq.ai.
For questions about this Privacy Notice or VelocIQ's data practices:
VelocIQ LLC
Houston, Texas
admin@velociq.ai
We will respond to written inquiries within ten (10) business days.
Page